28 matches found
CVE-2024-0756
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...
GHSA-FCR8-4R9F-R66M nbgrader's `frame-ancestors: self` grants all users access to formgrader
Impact Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomains = False. 1915 disables a protection which would...
CVE-2022-28649
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description...
UBUNTU-CVE-2021-3660
Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...
[ MDVSA-2014:111 ] otrs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:111 http://www.mandriva.com/en/support/security/ Package : otrs Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...
Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)
Updated otrs package fixes security vulnerabilities : A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
Updated otrs packages fix multiple vulnerabilities
Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
focus() behavior can be used to inject or steal keystrokes — Mozilla
Google security researcher Michal Zalewski reported that focus could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behavior was also present across origins when content from one domain was embedded within...